<?php

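// Include the different user types so we can filter out unauthorized users.
// require instead of include: a missing file must stop the script (fail closed).
// With include, a failed load only raises a warning, $USERTYPE_ADMIN would be
// undefined, and the loose admin comparison further down would run against null.
require("include/dbUserTypes.php");

// Include our user class. It must be loaded before unserialize() so the stored
// object can be rebuilt as its real class; again fail closed if it is missing.
require_once("include/user.php");

// Create a variable to store our user if we're validated
$user = null;

// Check if we're in a valid session. If not, go back to main login page.
if( empty($_SESSION['user']) ) {
    header("location:main_login.php");
    // header() only queues the redirect (and does nothing if output has already
    // started). Without exit the rest of this admin page would still execute.
    exit;
}

// Unserialize our user to turn it back into a useful object.
// NOTE(review): unserialize() instantiates whatever object the string describes.
// This is only acceptable while the session store is writable by the server
// alone; storing plain fields (user id, user type) in the session and rebuilding
// the object would remove the dependency on unserialize() entirely.
$user = unserialize($_SESSION['user']);

// unserialize() returns false on a corrupt payload; treat that as "not logged in"
// instead of letting a later method call fail on a non-object.
if( !is_object($user) ) {
    header("location:main_login.php");
    exit;
}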

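// Without a usable user object nobody is logged in: send them to the login page.
// exit is what actually enforces the check; header() alone does not stop the
// script, and it is a no-op if output has already been sent.
if( !is_object($user) ) {
    header("location:main_login.php");
    exit;
}

// If we're not an admin go back to the user redirection page.
// The loose != is kept on purpose: the types returned by getUserType() and held
// in $USERTYPE_ADMIN are not visible in this file. Confirm before tightening to !==.
if( $user->getUserType() != $USERTYPE_ADMIN ) {
    header("location:login_success.php");
    exit;
}

// Connect to our database (require: no connection means nothing below can work).
// NOTE(review): the mysql_* extension used here was removed in PHP 7.0. Moving to
// mysqli or PDO has to start in include/dbconnection.php, which is not shown.
require("include/dbconnection.php");

// Select all users that are not administrators.
// Only $TABLE_* names are interpolated. None of them is assigned in this file;
// they presumably come from the included configuration (confirm). Request data
// must never be concatenated into this string.
$db_query = "SELECT 
    u.$TABLE_USERS_USERID, t.$TABLE_USERTYPE_USERDESCRIPTION, 
    u.$TABLE_USERS_USERNAME, u.$TABLE_USERS_ENTRYDATE, u.$TABLE_USERS_LASTCONNECTED, 
    u.$TABLE_USERS_EMAILADDRESS, u.$TABLE_USERS_USERTYPE
    FROM $TABLE_USERS u 
    LEFT JOIN $TABLE_USERTYPE t ON u.$TABLE_USERS_USERTYPE = t.$TABLE_USERTYPE_USERTYPE 
    WHERE u.$TABLE_USERS_USERTYPE != $TABLE_USERTYPE_TYPEADMIN";

// Get the results of the query
$resultSet = mysql_query($db_query);

if( $resultSet === false ) {
    // Query failed: keep the database error in the server log and show the
    // browser a generic message only.
    error_log("Admin user list query failed: " . mysql_error());
    echo "Unable to load the user list.";
}
else if( mysql_num_rows($resultSet) == 0 ) {
    // No rows: output simple message.
    echo "No users exist to manage.";
}
else
{?>
    <table style="width: 740px">
        <tr style="background: #FFFFFF; color: #74653D;">
            <th>User ID</th>
            <th>User Type</th>
            <th>Username</th>
            <th>Created On</th>
            <th>Last Connected On</th>
            <th>Email</th>
            <th>Edit</th>
            <th>Delete</th>
        </tr>
    <?php
    // Flags that keep json_encode() output inert inside an HTML attribute.
    $jsFlags = JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP;

    // Show all the users and add edit and delete links.
    while( $row = mysql_fetch_array($resultSet) ) {
        // Usernames, e-mail addresses and type descriptions are stored data that
        // someone else typed in. Escape every value for the context it is printed
        // in, otherwise markup stored in a username would run in the admin's browser.
        // Charset assumed to be UTF-8 (confirm against the page's Content-Type).
        $userId   = htmlspecialchars($row[$TABLE_USERS_USERID], ENT_QUOTES, 'UTF-8');
        $typeDesc = htmlspecialchars($row[$TABLE_USERTYPE_USERDESCRIPTION], ENT_QUOTES, 'UTF-8');
        $username = htmlspecialchars($row[$TABLE_USERS_USERNAME], ENT_QUOTES, 'UTF-8');
        $email    = htmlspecialchars($row[$TABLE_USERS_EMAILADDRESS], ENT_QUOTES, 'UTF-8');
        $userType = htmlspecialchars($row[$TABLE_USERS_USERTYPE], ENT_QUOTES, 'UTF-8');

        // URL context first (query-string value), then HTML attribute context.
        $editUrl = htmlspecialchars(
            "admin_manageUsers.php?id=" . urlencode($row[$TABLE_USERS_USERID]),
            ENT_QUOTES,
            'UTF-8'
        );

        // The confirm handler lives in onclick instead of a javascript: URL, so the
        // value passes through two contexts only: JavaScript string (json_encode)
        // and then HTML attribute (htmlspecialchars).
        $formName  = "deleteForm_" . $row[$TABLE_USERS_USERID];
        $confirmJs = "if (confirm("
            . json_encode("Are you sure you want to delete user " . $row[$TABLE_USERS_USERNAME] . "?", $jsFlags)
            . ")) { document.forms[" . json_encode($formName, $jsFlags) . "].submit(); } return false;";
        $confirmAttr  = htmlspecialchars($confirmJs, ENT_QUOTES, 'UTF-8');
        $formNameAttr = htmlspecialchars($formName, ENT_QUOTES, 'UTF-8');

        // NOTE(review): deleteID is sha1(username . id), i.e. derived entirely from
        // the other fields of this form, so it cannot act as an anti-CSRF or
        // integrity token. include/admin/deleteUser.php (not shown) should check a
        // random per-session token and re-verify the admin session itself. The value
        // is left unchanged because the receiving script presumably expects it.
        $deleteId = sha1($row[$TABLE_USERS_USERNAME].$row[$TABLE_USERS_USERID]);
        ?>
        <tr>
            <td><?php echo $userId ?></td>
            <td><?php echo $typeDesc ?></td>
            <td><?php echo $username ?></td>
            <td><?php echo date("d/m/Y", $row[$TABLE_USERS_ENTRYDATE]) ?></td>
            <td><?php echo date("d/m/Y", $row[$TABLE_USERS_LASTCONNECTED]) ?></td>
            <td><?php echo $email ?></td>
            <td><a href="<?php echo $editUrl ?>">Edit</a></td>
            <td style="padding-top: 11px">
                <form name="<?php echo $formNameAttr ?>" method="post" action="include/admin/deleteUser.php">
                    <input name="deleteID" type="hidden" value="<?php echo $deleteId ?>"/>
                    <input name="id" type="hidden" value="<?php echo $userId ?>"/>
                    <input name="username" type="hidden" value="<?php echo $username ?>"/>
                    <input name="type" type="hidden" value="<?php echo $userType ?>"/>
                    <a href="#" onclick="<?php echo $confirmAttr ?>">Delete</a>
                </form>
            </td>
        </tr>
        <?php
    } // End while loop ?>
    </table>
<?php
} // End else statement

// Close the connection
mysql_close();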


